This draft comes from a simple operational note, but it is the kind of change that is still useful to record because it is easy to forget the exact sysctl settings when you need them in a hurry.

It is also worth being explicit about the timeframe. This note reflects what I wrote down in 2023 for an Ubuntu 20.04 task. I want to keep that historical record, but I do not want the post to read like a timeless recommendation.

The Change

Edit /etc/sysctl.conf and add:

1
2

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

Then reload sysctl:

1

sudo sysctl -p

Why I Keep Notes Like This

This is not a deep troubleshooting story. It is more of a practical admin reference.

Sometimes a service, route, or external dependency behaves more predictably when the host stops preferring IPv6 paths. In those cases, keeping the exact change written down saves time later.

One Important Caution

I would not disable IPv6 casually across all environments. It is usually better to understand why a workload is misbehaving first. But when you do need to force IPv4 behavior temporarily or by design, this is the minimal sysctl-level change I used on Ubuntu 20.04.

What I Would Say Today

If I were writing this as fresh advice in 2026 instead of preserving an older note, I would frame it much more carefully.

On current Ubuntu releases, especially Ubuntu 24.04, the firewall and packet-filtering stack is much more centered around modern Netfilter workflows. Ubuntu’s current documentation treats nftables as the modern packet-filtering framework, notes that it supports common IPv4 and IPv6 rules, and documents ufw as a frontend that can manage an IPv4 or IPv6 host firewall. Because of that, blanket IPv6 disablement is usually not the direction I want to take first.

In practice, my current view is:

  • if a service has an IPv6 problem, fix the service or routing problem first
  • if a firewall policy is incomplete, make the IPv6 policy explicit instead of pretending IPv6 does not exist
  • if tools like nftables, ufw, or fail2ban are part of the host hardening story, I would rather keep the network model consistent than quietly remove one half of it

That last point is partly an operational inference from how these systems are managed today. Once a machine is expected to be dual-stack, disabling IPv6 can create an awkward gap between what the operating system, the firewall layer, and the administrator think the host is doing. It can also make later troubleshooting more confusing, especially when a service binds on both families or when security tooling is expected to handle both IPv4 and IPv6 paths cleanly.

So I still want to keep this note, but as a dated workaround:

  • useful for the exact Ubuntu 20.04 situation where forcing IPv4 was the quickest fix
  • not my default recommendation for a modern Ubuntu 24.04 build

If I revisit this draft again, I may eventually retitle it more explicitly as a legacy or situation-specific workaround rather than a general configuration guide.